{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31950", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.657Z", "datePublished": "2026-03-27T19:25:25.007Z", "dateUpdated": "2026-03-27T19:55:24.141Z"}, "containers": {"cna": {"title": "LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g"}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"version": ">= 0.8.2-rc2, < 0.8.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:26:28.894Z"}, "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "source": {"advisory": "GHSA-f6rf-vm44-wh5g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:55:17.212435Z", "id": "CVE-2026-31950", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:55:24.141Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31950", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:55:17.212435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:55:21.101Z"}}], "cna": {"title": "LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats", "source": {"advisory": "GHSA-f6rf-vm44-wh5g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": ">= 0.8.2-rc2, < 0.8.2"}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:26:28.894Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31950", "state": "PUBLISHED", "dateUpdated": "2026-03-27T19:55:24.141Z", "dateReserved": "2026-03-10T15:10:10.657Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T19:25:25.007Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:0.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "21865C8B-C628-4275-A552-89F64EF22918", "vulnerable": true}, {"criteria": "cpe:2.3:a:librechat:librechat:0.8.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "47A1B487-1A7B-4E06-8503-56E7D349FAA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "id": "CVE-2026-31950", "lastModified": "2026-03-30T20:32:16.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T20:16:30.217", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.8.2-rc2,0.8.2)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "analysis": {"en": {"generated_at": "2026-03-31T05:43:27.475184+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat to version 0.8.2 or later, which contains the fix.", "Verify that all deployed instances have been updated to the patched release.", "Audit application logs for unexpected SSE connections that may indicate exploitation.", "If an immediate update is not possible, restrict access to the SSE endpoint to users with verified ownership or implement manual authorization checks."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized access and disclosure of other users' chat content"}, "threat_synthesis": {"affected_systems": "The affected product is LibreChat by Danny Avila, specifically the release candidates version 0.8.2\u2011rc2 and 0.8.2\u2011rc3. The issue is resolved in the stable 0.8.2 release. No other vendors or products are listed as affected.", "description_and_impact": "The vulnerability is an Insecure Direct Object Reference in LibreChat's SSE streaming endpoint, permitting an authenticated user who knows or guesses a stream identifier to receive real\u2011time chat data belonging to another user. This leak can reveal private messages, AI responses, and tool usage, thereby compromising confidentiality. The weakness corresponds to CWE\u2011284 (Improper Access Control) and CWE\u2011639 (Privilege Dropping).", "risk_and_exploitability": "The CVSS v3.1 base score is 5.3, indicating moderate severity. The EPSS score is less than 1%, suggesting a low probability of exploitation. The vulnerability is not present in CISA\u2019s KEV catalog. An attacker must be authenticated and must determine a valid stream ID; the missing ownership check allows subscription to any stream ID, which is the likely attack vector for insider or compromised account scenarios."}}}}, "created": "2026-03-27T20:27:33.307141+00:00", "updated": "2026-03-31T20:00:50.365342+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}